Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

shishi_tkt_transited_policy_checked_shshishi_tkt_transited_policy_checked_p(3)

NAME
       shishi_tkt_transited_policy_checked_p - API function

SYNOPSIS
       #include <shishi.h>

       int shishi_tkt_transited_policy_checked_p(Shishi_tkt * tkt);

ARGUMENTS
       Shishi_tkt * tkt
		   input variable with ticket info.

DESCRIPTION
       Determine if ticket has been policy checked for transit.

       The  application	 server	 is  ultimately	 responsible  for accepting or
       rejecting authentication and SHOULD check that  only  suitably  trusted
       KDCs  are relied upon to authenticate a principal.  The transited field
       in the ticket identifies	 which	realms	(and  thus  which  KDCs)  were
       involved	 in the authentication process and an application server would
       normally check this field. If any of these are untrusted	 to  authenti‐
       cate   the   indicated  client  principal  (probably  determined	 by  a
       realm-based policy), the authentication attempt MUST be	rejected.  The
       presence	 of  trusted KDCs in this list does not provide any guarantee;
       an untrusted KDC may have fabricated the list.

       While the end  server  ultimately  decides  whether  authentication  is
       valid,  the  KDC	 for the end server's realm MAY apply a realm specific
       policy for validating the transited field and accepting credentials for
       cross-realm  authentication.  When  the	KDC  applies  such  checks and
       accepts such cross-realm authentication it will set the	TRANSITED-POL‐
       ICY-CHECKED  flag  in  the  service  tickets  it	 issues	 based	on the
       cross-realm TGT. A client MAY request that the KDCs not check the tran‐
       sited  field  by	 setting  the  DISABLE-TRANSITED-CHECK	flag. KDCs are
       encouraged but not required to honor this flag.

       Application servers MUST either do  the	transited-realm	 checks	 them‐
       selves, or reject cross-realm tickets without TRANSITED-POLICY- CHECKED
       set.

RETURN VALUE
       Returns non-0 iff transited-policy-checked flag is set in ticket.

REPORTING BUGS
       Report bugs to <bug-shishi@gnu.org>.

COPYRIGHT
       Copyright © 2002-2010 Simon Josefsson.
       Copying and distribution of this file, with  or	without	 modification,
       are  permitted  in  any	medium	without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO
       The full documentation for shishi is maintained as  a  Texinfo  manual.
       If  the	info  and shishi programs are properly installed at your site,
       the command

	      info shishi

       should give you access to the complete manual.

shishi				     1shishi_tkt_transited_policy_checked_p(3)

Vote for polarhome